Code: Select all
ParseELFImage:
; Check for signature -- SUCCEEDS
mov ebx, dword [IMAGE_PMODE_BASE]
mov eax, dword [ELFSignature]
cmp eax, ebx
jne FailureMagic
; Check for proper data encoding -- SUCCEEDS
add ebx, 5
cmp ebx, 0
je FailureData
; Check for proper file size -- FAILS
xor ebx, ebx
mov bx, word [IMAGE_PMODE_BASE + 40]
mov word [ImageSizeTest], bx
mov bx, word [IMAGE_PMODE_BASE + 42]
mov ax, word [IMAGE_PMODE_BASE + 44]
mul bx
mov bx, dx
shl ebx, 16
or bx, ax
add dword [ImageSizeTest], ebx
xor ebx, ebx
mov bx, word [IMAGE_PMODE_BASE + 46]
mov ax, word [IMAGE_PMODE_BASE + 48]
mul bx
mov bx, dx
shl ebx, 16
or bx, ax
add dword [ImageSizeTest], ebx
mov ebx, dword [ImageSizeTest]
mov eax, dword [ImageSize]
cmp ebx, eax
jge FailureSizes
I've relooked over my calculations plenty of times, and at first my offsets were way off, but I don't see it anymore.